b"                            SOCIAL SECURITY\n\n                                   January 31, 2008\n\nThe Honorable Henry Waxman\nChairman\nCommittee on Oversight and Government Reform\nHouse of Representatives\nWashington, D.C. 20515\n\nDear Mr Chairman:\n\nIn a December 7, 2007 letter, you asked that we provide a list of recommendations we\nmade from January 1, 2001 to the present that have not been implemented by Social\nSecurity Administration officials or by Congress.\n\nMy office is committed to combating fraud, waste, and abuse in the Social Security\nAdministration\xe2\x80\x99s operations and programs. The enclosed report details\nrecommendations we made from January 1, 2001 to the present that have not been\nimplemented. Additionally, we provided a copy of this report to the Social Security\nAdministration.\n\nIf you have any questions concerning this matter, please call me or have your staff\ncontact Wade Walters, Assistant Inspector General for Congressional and\nIntra-Governmental Liaison, at (202) 358-6319.\n\n                                               Sincerely,\n\n\n\n\n                                               Patrick P. O\xe2\x80\x99Carroll, Jr.\n                                               Inspector General\n\nEnclosure\n\ncc:\nMichael J. Astrue\n\n\n\n\n            SOCIAL SECURITY ADMINISTRATION        BALTIMORE MD 21235-0001\n\x0cCONGRESSIONAL RESPONSE\n       REPORT\n\n    Unimplemented Audit\nRecommendations Since January\n            2001\n\n         A-15-08-28105\n\n\n\n\n         January 2008\n\x0c                                    Mission\nBy conducting independent and objective audits, evaluations and investigations,\nwe inspire public confidence in the integrity and security of SSA\xe2\x80\x99s programs and\noperations and protect them against fraud, waste and abuse. We provide timely,\nuseful and reliable information and advice to Administration officials, Congress\nand the public.\n\n                                   Authority\nThe Inspector General Act created independent audit and investigative units,\ncalled the Office of Inspector General (OIG). The mission of the OIG, as spelled\nout in the Act, is to:\n\n  \xef\x81\xad Conduct and supervise independent and objective audits and\n    investigations relating to SSA programs and operations.\n  \xef\x81\xad Promote economy, effectiveness, and efficiency within the SSA.\n  \xef\x81\xad Prevent and detect fraud, waste, and abuse in SSA programs and\n    operations.\n  \xef\x81\xad Review and make recommendations regarding existing and proposed\n    legislation and regulations relating to SSA programs and operations.\n  \xef\x81\xad Keep the SSA head and the Congress fully and currently informed of\n    problems in SSA programs and operations.\n\n  To ensure objectivity, the IG Act empowers the IG with:\n\n  \xef\x81\xad Independence to determine what reviews to perform.\n  \xef\x81\xad Access to all information necessary for the reviews.\n  \xef\x81\xad Authority to publish findings and recommendations based on the reviews.\n\n                                     Vision\nWe strive for continual improvement in SSA\xe2\x80\x99s programs, operations and\nmanagement by proactively seeking new ways to prevent and deter fraud, waste\nand abuse. We commit to integrity and excellence by supporting an environment\nthat provides a valuable public service while encouraging employee development\nand retention and fostering diversity and innovation.\n\x0c                                                              Background\nOBJECTIVE\n\nTo provide the Committee on Oversight and Government Reform a list of\nrecommendations made by the Social Security Administration Office of the Inspector\nGeneral (SSA OIG), Office of Audit, from January 1, 2001 to the present that have not\nbeen implemented by the Social Security Administration (SSA).\n\nThis report is not an audit but rather the result of a data gathering effort by the SSA\nOIG. We shared the recommendations with SSA, and they provided us with their status\non these recommendations. However, we did not independently verify the status. Also,\nbecause this is not an audit, we did not perform this data gathering effort in accordance\nwith Governmental Auditing Standards. The information, however, has been shared\nwith SSA.\n\nBACKGROUND\nThe Social Security Administration (SSA) Office of the Inspector General, Office of Audit\n(OIG-OA), performs comprehensive audits, attestation engagements and evaluations of\nSSA's programs and operations. These audits are performed in accordance with\nGovernment Auditing Standards, applicable Office of Management and Budget (OMB)\ncirculars, bulletins and other legal, regulatory and administrative requirements. Audits\nand attestation engagements are conducted to detect and prevent fraud, waste, and\nabuse in SSA's programs and operations. The OIG-OA also has responsibility for the\ncomprehensive audit of SSA's annual financial statements. Evaluations are conducted\nin accordance with Quality Standards for Inspections issued by the President\xe2\x80\x99s Council\non Integrity and Efficiency (PCIE). OIG-OA also identifies opportunities for savings,\nbetter use of funds and improved program management and results through regulatory\nreform and policy change along with recommendations for corrective action and\nrecovery of funds.\n\nSince December 2001, SSA OIG has issued an annual report on the major\nmanagement challenges facing the Agency. The inaugural report, issued December 7,\n2001, identified 10 Management Challenge Areas. At that time they were:\n\n      Critical Information Infrastructure\n      Earnings Suspense\n      Fraud Risk\n      Identity Theft\n      Service to the Public\n      Disability Redesign\n      Enumeration\n      Government Performance and Results Act\n\n\n\nUnimplemented Audit Recommendations Since January 2001 (A-15-08-28105)                  1\n\x0c      Representative Payees\n      System Security and Controls\n\nOver the years, we have re-evaluated the list of challenges and, where appropriate,\ncombined, condensed or modified the list to reflect changes in the SSA environment. In\nour most recent Management Challenges Report which was issued in November 2007,\nwe identified the following Management Challenges:\n\n      \xe2\x80\xa2   Social Security Number Protection\n      \xe2\x80\xa2   Management of the Disability Process\n      \xe2\x80\xa2   Improper Payments and Recovery of Overpayments\n      \xe2\x80\xa2   Internal Control Environment and Performance Measures\n      \xe2\x80\xa2   Systems Security and Critical Infrastructure Protection\n      \xe2\x80\xa2   Service Delivery and Electronic Government\n\nFrom January 1, 2001 to January 4, 2008, OIG-OA performed 711 audits of which 2,440\nrecommendations have been presented to SSA. Our audits addressed occurences of\nfraud, waste, abuse as well as SSA\xe2\x80\x99s major management challenges as identified by\nSSA OIG. This document provides detailed information on unimplemented audit\nrecommendations made during the period January 1, 2001 to January 4, 2008. The\nrecommendations are categorized by the Major Management Challenges identified in\nOIG\xe2\x80\x99s 2007 Management Challenges Report. Each section contains narratives defining\nthe management challenge and the most significant recommendations. In determining\nthe priority classification of the recommendations, we used our professional judgment\nand considered other factors, such as dollar impact and criticality.\n\nIt should be noted that OIG-OA\xe2\x80\x99s goal is to maintain an annual rate of acceptance of at\nleast 85 percent for all audit recommendations. In fiscal year 2007, we surpassed our\ngoal by achieving a 97 percent rate of acceptance.\n\nAs evident by the FY 2007 rate of acceptance, OIG has maintained a good working\nrelationship with SSA. The Deputy Commissioner of Budget, Finance, and\nManagement, Audit Management and Liason Staff (AMLS) is responsible for SSA\xe2\x80\x99s\naudit management liasion activities with the Government Accountability Office and the\nOffice of the Inspector General. AMLS plays an important role in facilitating\ncommunication between SSA and OIG. The staff also maintains the official record of\naudit recommendations, responses, and status for SSA.\n\n\n\n\nUnimplemented Audit Recommendations Since January 2001 (A-15-08-28105)                    2\n\x0c                                                           Results of Review\nFrom January 1, 2001 to January 4, 2008, there have been 497 (20 percent of the\n2,440 recommendations) that have not been implemented by SSA. SSA agreed to 275\nof these recommendations. For the remaining 222 recommendations, SSA either\ndisagrees, 1 partially agrees, or a response is still pending2. Chart 1 illustrates:\n\n\n                                               CHART 1\n\n            Agency Response to Unimplemented Recommendations from\n                       January 1, 2001 to January 4, 2008\n\n\n                                          Pending\n                Partial Agreement           50\n                        15                 10%\n                        3%\n\n\n\n\n                                                                               Agency Agreed\n          Agency Disagreed\n                                                                                    275\n                157\n                                                                                   55%\n               32%\n\n\n\n\n1\n  If the SSA disagrees with our recommendation(s), they consider it \xe2\x80\x9cclosed\xe2\x80\x9d and do not provide further\nfollow-up.\n2\n  SSA\xe2\x80\x99s decision on the implementation of the recommendation has not been provided to OIG on the\nofficial Agency tracking sheet.\n\n\nUnimplemented Audit Recommendations Since January 2001 (A-15-08-28105)                                    3\n\x0cOf the unimplemented recommendations, OIG-OA has identified 60 which represent\n$2.6 billion in questioned costs, 3 25 which represent $3.4 billion in funds that could have\nbeen put to better use, and 412 which yield non-monetary benefits. Chart 2 and 3\nillustrate:\n\n                                                 CHART 2\n\n                 Unimplemented Recommendations with Questioned Costs\n                           by Major Management Challenges\n\n             Major Management                # of Recommendations             Questioned Cost\n             Challenge\n             Internal Control                            30               $       23,108,467\n             Improper Payments                           24               $    2,563,412,476\n             Service Delivery                             4               $         409,867\n             Management Disability                        1               $        2,197,772\n             Systems Critical Protection                  1               $       43,026,215\n             SSN Protection                               0               $              -\n             Total                                       60               $    2,632,154,797\n\n                                                 CHART 3\n\n                    Unimplemented Recommendations with Funds Put to\n                       Better Use by Major Management Challenges\n\n             Major Management              # of Recommendations         Funds Put to Better\n             Challenges                                                 Use\n             Improper Payments                         11               $        2,869,052,447\n             Service Delivery                           5               $          344,283,926\n             Internal Control                           4               $           13,884,616\n             Management Disability                      3               $          217,645,839\n             SSN Protection                             1               $            6,000,000\n             Systems Critical Protection                1               $            1,011,772\n             Total                                     25               $        3,451,878,600\n\n\n\n\n3\n    Questioned Costs are costs that are challenged because of violation of law, regulation, etc.\n\n\nUnimplemented Audit Recommendations Since January 2001 (A-15-08-28105)                             4\n\x0c      Based on the audit findings and the expected benefit to the SSA, we have ranked each\n      unimplemented recommendation as high, medium, or low. A high-level summary of all\n      high priority recommendations is located below in Chart 4. The corresponding details\n      are highlighted in red throughout the various management challenge sections. The\n      status information was provided by SSA\xe2\x80\x99s Audit Management Liaison Staff and was not\n      independently verified by our office.\n\n                                              CHART 4\n\n      Unimplemented High Priority Recommendations by Major Management Challenge\n\nMajor Management Challenges              High Priority    Total #            Total       Total Funds\n                                       Recommendations   which with       Questioned     Put to Better\n                                                            SSA             Cost              Use\n                                                         Concurred\nSocial Security Number Protection            26             19        $          -      $           -\nManagement of the Disability Process         17             14        $    2,197,772    $ 217,645,839\nImproper Payments and Recovery of            21             18        $2,398,619,067    $ 2,841,194,767\nOverpayments\nInternal Controls Environment and             3              0        $     4,491,286   $          -\nPerformance Measures\nSystems Security and Critical                26             13        $    43,026,215   $          -\nInfrastructure Protection\nService Delivery and Electronic               3              1        $           -     $ 344,247,728\nGovernment\nTotal                                        96             65        $2,448,334,340    $3,403,088,334\n\n\n\n\n      Unimplemented Audit Recommendations Since January 2001 (A-15-08-28105)                   5\n\x0c                                                                     Conclusions\nThe largest number of high priority recommendations that remain unimplemented relate\nto Social Security Number and Systems Security and Critical Infrastructure Protection.\nThe most significant SSN related recommendations focus on three areas: proactively\nseeking to limit the collection, use and disclosure of SSNs; establishing accurate,\nconsistent and effective SSN verification programs for employers and other users; and\nexamining the necessity of assigning SSNs to certain populations of noncitizens.\nAlthough many of these recommendations do not have quantifiable dollar savings or\nfunds that could be put to better use, they are important to the integrity of information\nmaintained by SSA; and as such, require management attention. Some of the\nunimplemented recommendations within systems security and critical infrastructure\nprotection focus on recent Government-wide initiatives for safeguarding personally\nidentifiable information and ensuring safeguards against unauthorized access to\nsensitive data. Similarly, these recommendations do not have dollar savings, but they\naddress security issues that are of concern to the Government, its stakeholders, and the\npublic.\n\nOne other area of interest over the past seven years has been improper payments. In\n2004, at the request of Senator Grassely, we conducted an evaluation on improper\npayments in SSA\xe2\x80\x99s disability programs. As a result, we estimated overpayments\namounting to $1.2 billion and quesitoned cost of $2.1 billion. Note that these amounts\nare not included in the summary charts in this document, as SSA has reported that the\nrecommendations in the report have been closed as implemented due to the ongoing\ncontinuing disability reviews (CDR) performed by SSA. However, over the past seven\nyears, the volume of CDRs performed by SSA has decreased from approximately 1.7\nmillion in FY 2001 to 765,000 in FY 2007 4.\n\nSSA management has agreed with a substantial number of the recommendations made\nsince 2001. In fact, since 2001, we have met or exceeded our performance goal of\nachieving Agency agreement on 85 percent of our recommendations. Furthermore, the\nAgency\xe2\x80\x99s implementation of approximately 79 percent of our recommendations reflects\nmanagement\xe2\x80\x99s responsiveness and commitment to addressing the management\nchallenges facing the Agency. Like many other Federal agencies, SSA is attempting to\nprovide sustained or improved services with limited resources. To that end, some of the\ndelays surrounding implementation of recommendations are the result of limited\nresources and management having to make judgment calls on where to use those\nlimited resources.\n\n     The details of the management challenges are available upon request.\n\n\n\n\n4\n    Source: SSA\xe2\x80\x99s FY 2001 and FY 2007 Performance and Accountability Reports\n\n\nUnimplemented Audit Recommendations Since January 2001 (A-15-08-28105)                   6\n\x0cOverview of the Office of the Inspector General\nThe Office of the Inspector General (OIG) is comprised of our Office of Investigations (OI),\nOffice of Audit (OA), Office of the Chief Counsel to the Inspector General (OCCIG), and Office\nof Resource Management (ORM). To ensure compliance with policies and procedures, internal\ncontrols, and professional standards, we also have a comprehensive Professional Responsibility\nand Quality Assurance program.\n                                        Office of Audit\nOA conducts and/or supervises financial and performance audits of the Social Security\nAdministration\xe2\x80\x99s (SSA) programs and operations and makes recommendations to ensure\nprogram objectives are achieved effectively and efficiently. Financial audits assess whether\nSSA\xe2\x80\x99s financial statements fairly present SSA\xe2\x80\x99s financial position, results of operations, and cash\nflow. Performance audits review the economy, efficiency, and effectiveness of SSA\xe2\x80\x99s programs\nand operations. OA also conducts short-term management and program evaluations and projects\non issues of concern to SSA, Congress, and the general public.\n\n\n                                    Office of Investigations\nOI conducts and coordinates investigative activity related to fraud, waste, abuse, and\nmismanagement in SSA programs and operations. This includes wrongdoing by applicants,\nbeneficiaries, contractors, third parties, or SSA employees performing their official duties. This\noffice serves as OIG liaison to the Department of Justice on all matters relating to the\ninvestigations of SSA programs and personnel. OI also conducts joint investigations with other\nFederal, State, and local law enforcement agencies.\n\n\n                   Office of the Chief Counsel to the Inspector General\nOCCIG provides independent legal advice and counsel to the IG on various matters, including\nstatutes, regulations, legislation, and policy directives. OCCIG also advises the IG on\ninvestigative procedures and techniques, as well as on legal implications and conclusions to be\ndrawn from audit and investigative material. Finally, OCCIG administers the Civil Monetary\nPenalty program.\n                              Office of Resource Management\nORM supports OIG by providing information resource management and systems security. ORM\nalso coordinates OIG\xe2\x80\x99s budget, procurement, telecommunications, facilities, and human\nresources. In addition, ORM is the focal point for OIG\xe2\x80\x99s strategic planning function and the\ndevelopment and implementation of performance measures required by the Government\nPerformance and Results Act of 1993.\n\x0c"